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DETAILED ACTION 

1. Claims 1-80, 107-130, 147, and 148 remain for examination. The amendment filed 3/10/08 
amended claims 1, 73, 107, & 100; and added claims 147 & 148. 

Response to Arguments 

2. It is observed that, contrary to Applicant's assertion on page 28 of the amendment of 3/1 0/08, 
Applicant did not amend claim 130 to incorporate the new limitation(s) present in the other 
independent claims. Applicant's arguments do not apply to claim 130 and thus the rejection of that 
claim stands without further comment. 

3. Applicant's arguments with respect to claims 1-80, 107-129, 147 & 148 have been considered 
but are moot in view of the new ground(s) of rejection. 

Claim Rejections - 35 USC § 102 

4. The text of those sections of Title 35, U.S. Code not included in this action can be found in a 
prior Office action. 

5. Claim 130 is rejected under 35 U.S.C. 102(b) as being anticipated by Ronning (U.S. Patent 
5,903,647). 

Regarding claim 130: 

Ronning discloses a system for information protection, comprising: defining an information 
protection policy with respect to certain information item (col. 5, lines 25-40); determining the 
measures required to protect said information according to said policy (Ibid, and col. 4, lines 17-23); 
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and allowing said usage on a computer workstation of information comprising said items for which an 
information protection policy is defined only while said required measures are being applied (Ibid). 

Claim Rejections - 35 USC § 103 

6. Claims 1-72 and 110-129 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Ginter et al (U.S. Patent 5,892,900) in view of Lacan et al. (U.S. Patent 7,370,366) 

Regarding claims 1 and 110: 

Ginter discloses a method and system for computer workstation based information protection, 
comprising: monitoring user's actions on said computer workstation (col. 1, lines 20-30); analysis of 
said actions in respect to a predefined policy to determine whether said actions prejudice information 
to which the policy applies (col. 302, line 40 - col. 303, line 40); and executing said policy in 
accordance with the results of said analysis to control said actions (Ibid). 

Although Ginter discloses using statistics and statistical analysis in the disclosed system (col. 
105, lines 15-50), it appears to be silent regarding using the statistical analysis to identify confidential 
information. However, Lacan discloses a general technique for data management using statistical 
analysis to identify confidential information in one's data (col. 6, lines 5-20; col. 6, line 50 - col. 7, line 
20; col. 8, lines 5-15). The claims are thus obvious because the ability to use statistical analysis to 
identify confidential data was a technique that was within the capabilities of one of ordinary skill in the 
art, in view of its teaching for improvement in similar situations. 
Regarding claims 2 and 111: 
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Ginter further discloses wherein said policy comprises restrictions on at least one of: print, 
save, copy, autosave, fax (col. 252, line 40 - col. 253, line 30). 
Regarding claims 3 and 1 1 2: 

Ginter further discloses wherein said monitoring said user's actions on said workstation 
computer comprise detection of indications of attempts of tampering (col. 85, lines 45-57). 
Regarding claim 4: 

Ginter further discloses obtaining logical indications or statistical indications (Ibid, and col. 88, 
lines 10-50). 

Regarding claims 5 and 1 1 3: 

Ginter further discloses detection of at least one uncertified add-in (col. 85, lines 45-65, noting 
that uncertified add-ons would not be validated). 
Regarding claim 6: 

Ginter further discloses noting that said uncertified add-in is hooked to event of a local 
operating system (Ibid). 
Regarding claims 7 and 114: 

Ginter further discloses detection of at least one debugging technique (col. 88, lines 10-50). 
Regarding claim 8: 

Ginter further discloses wherein said debugging technique comprises any of a debugger, 
virtual machine, software emulator, software trap, and remote administration tool (Ibid). 
Regarding claims 9 and 1 1 5: 

Ginter further discloses wherein said policy comprises restrictions of actions made available to 
said user upon detection of indications of attempts of tampering (col. 176, lines 5-20). 
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Regarding claims 1 0 and 116: 

Ginter further discloses applying restrictions on actions within a software application operable 
to process said information (col. 308, line 40 - col. 307, line 5). 
Regarding claim 11: 

Ginter further discloses performing at least one action upon detection of indications of attempts 
at tampering (col. 205, lines 40-60). 
Regarding claim 12: 

Ginter further discloses at least one of encrypting at least one buffer, and encrypting at least 
one shared memory (col. 1 99, line 33 - col. 200, line 22). 
Regarding claim 13 

Ginter further discloses wherein said actions comprise preventing the decryption of encrypted 
digital content (col. 205, lines 40-60). 
Regarding claim 14: 

Ginter further discloses wherein said pre-defined policy is defined with respect to a software 
application on said user's workstation (col. 31 1 , lines 30-60). 
Regarding claim 15: 

Ginter further discloses wherein said policy comprises reporting about attempts to perform 
actions that do not comply with an organization policy or are suspected to not comply with the 
organizational policy (col. 145, lines 25-50). 
Regarding claim 16: 
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Ginter further discloses wherein said policy comprises performing logging of attempts to 
perform actions that do not comply or are suspected to not comply with the organizational policy 
(Ibid). 

Regarding claim 17: 

Ginter further discloses protecting information held within a software data processing 
application able to process said information (col. 308, line 40 - col. 307, 5). 
Regarding claim 18: 

Ginter further discloses wherein said software data processing application operates in 
conjunction with a software client (Ibid). 
Regarding claims 1 9 and 1 1 7: 

Ginter further discloses wherein said software client is tamper resistant (col. 87, line 60 - col. 
88, line 10). 

Regarding claims 20 and 118: 

Ginter further discloses wherein said software client is operable to monitor a user's actions and 
to execute said policy (col. 307, lines 1-5). 
Regarding claims 21 and 119: 

Ginter further discloses wherein said software client is operable to monitor said user's actions 
and policy (Ibid). 
Regarding claims 22 and 120: 

Ginter further discloses wherein said software client is further operable to detect events of said 
software application (col. 42, lines 15-40). 
Regarding claim 23: 
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Ginter further discloses wherein said events comprise any of: printing, copying storing, and 
displaying said information (col. 251 , line 60 - col. 252, line 40). 
Regarding claims 24 and 1 21 : 

Ginter further discloses wherein said policy further comprises managing usage rights (col. 33, 
lines 35-65). 
Regarding claim 25: 

Ginter further discloses wherein said usage rights are determined according to any of the 
classification of the document, the classification level of the user, and the authentication level of the 
user (col. 302, lines 50-55). 
Regarding claims 26 and 122: 

Ginter further discloses wherein the usage rights comprise any of viewing at least part of said 
information; modifying at least part of said information; sending at least part of said information to a 
recipient; storing at least part of said information; storing at least part of said information by an 
application; storing at least part of said information by a file system; storing at least part of said 
information in a portable device;storing at least part of said information in a removable media; storing 
at least part of said information portable storage device that is connected to said workstation using a 
USB port; pasting at least part of said information into a document; printing at least part of said 
information; printing at least part of said information to file; printing at least part of said information to 
a fax, and printing a screen view document (col. 156, line 60 - col. 157, line 20). 
Regarding claim 27: 

Ginter further discloses wherein said policy comprises definition of actions to be performed 
(col. 189, line 40 - col. 190, line 35). 
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Regarding claim 28: 

Ginter further discloses wherein said actions comprise any of: enabling usage of at least part 
of said information, disabling usage of at least part of said information; restricting usage of at least 
part of said information according to a pre-determined set of restrictions; reporting about the usage of 
at least part of said information, and monitoring the usage of at least part of said information (Ibid). 
Regarding claim 29: 

Ginter further discloses wherein restriction of usage imposes requiring encryption of at least 
part of said protected information (col. 14, lines 25-50). 
Regarding claim 30: 

Ginter further discloses wherein said required encryption is such that corresponding encrypted 
information can be decrypted only by a secure client (Ibid). 
Regarding claim 31: 

Ginter further discloses wherein said restriction of usage requires said protected information to 
reside on a secure server (col. 106, lines 40-55). 
Regarding claim 32: 

Ginter further discloses arranging a connection between said secure server and said 
workstation such that the transport between said secure server and said workstation is protected (col. 
12, lines 30-40). 
Regarding claim 33: 

Ginter further discloses wherein said protected transport comprises encrypted transport (Ibid). 
Regarding claim 34: 
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Ginter further discloses encryption of a file comprising at least part of said protected 
information wherein said file is at least one of the following: temporary file and auto-recovery file (col. 
173, lines 13-67). 
Regarding claim 35: 

Ginter further discloses a file comprising at least part of said protected information, wherein 
said file comprises any of temporary file and auto-recover file (Ibid). 
Regarding claim 36: 

Ginter further discloses wherein said software client authenticates itself to a server before at 
least some of the sessions (col. 36, lines 10-45; col. 168, lines 45-67). 
Regarding claim 37: 

Ginter further discloses wherein said authentication depends on a classification level assigned 
to protected information (col. 302, lines 50-55). 
Regarding claim 38: 

Ginter further discloses wherein authentication is any of password based or network address 
based (col. 199, lines 5-10). 
Regarding claim 39: 

Ginter further discloses wherein said software client comprises components that can be 
automatically replaced (col. 16, lines 1-20). 
Regarding claim 40: 

Ginter further discloses wherein said secure server employs cryptographic encryption of at 
least one file containing said protected information (col. 37, lines 45-55). 
Regarding claim 41: 
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Ginter further discloses wherein communication with said server is substantially transparent to 
said user (col. 34, lines 40-50). 
Regarding claim 42: 

Ginter further discloses wherein in accordance with said policy said protected information is 
encrypted utilizing the encryption capabilities of said software application (col. 22, lines 1-5). 
Regarding claims 43 and 125: 

Ginter further discloses wherein said software application operable to process said information 
is a word processing application (col. 301 , lines 30-40). 
Regarding claim 44: 

Ginter further discloses wherein said software application comprises a control flag imparting 
the status of either read only or lock to a corresponding file, and wherein file modification within said 
software application which is operable to process said information is disabled via said flag (col. 247, 
lines 50-57). 
Regarding claim 45: 

Ginter further discloses wherein said disabling of said file modification is controlled by said 
policy (Ibid). 
Regarding claim 46: 

Ginter further discloses wherein said policy comprises adding forensic information to said 
protected information (col. 201 , line 45 - col. 202, line 5). 
Regarding claims 47 and 126: 
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Ginter further discloses wherein said software client replaces the clipboard functionality of said 
software application thereby to process said protected information with a secure clipboard 
functionality (col. 323, lines 10-55). 
Regarding claim 48: 

Ginter further discloses wherein said protected information copied into said secure clipboard is 
stored in an internal data structure inaccessible to other applications (Ibid). 
Regarding claims 49 and 127: 

Ginter further discloses wherein said software client is installed automatically from a remote 
server (col. 237, lines 20-40). 
Regarding claims 50 and 128: 

Ginter further discloses wherein said installation of said software client utilizes anti-virus 
installation infrastructure (col. 240, lines 15-42). 
Regarding claim 51 : 

Ginter further discloses wherein updates of said software client utilizes anti-virus installation 
infrastructure (Ibid). 
Regarding claim 52: 

Ginter further discloses wherein at least part of the software code of said software client 
resides in an encrypted form (col. 237, lines 20-40). 
Regarding claim 53: 

Ginter further discloses wherein at least part of the software code of said software client is 
attached to hardware of said computer workstation (col. 87, 5-30). 
Regarding claim 54: 
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Ginter further discloses wherein said software client is operable to automatically add 
information to said protected information in accordance with said policy (col. 201 , line 45 - col. 202, 
line 5). 

Regarding claim 55: 

Ginter further discloses wherein said added information comprises any of a document header, 
footer, or textual disclaimer (col. 135, lines 20-35). 
Regarding claim 56: 

Ginter further discloses wherein said software client is operable to open file that comprises 
said protected information only while connected to at least one server (col. 109, lines 20-67). 
Regarding claim 57: 

Ginter further discloses wherein said servers enforce policy with respect to said information 
(col. 302, lines 40-60). 
Regarding claim 58: 

Ginter further discloses wherein said policy implies a set of restrictions regarding the usage of 
said protected information (col. 214, lines 15-40). 
Regarding claim 59: 

Ginter further discloses wherein the client software is operable to check that it is connected to 
a predetermined server before decrypting a file that comprises protected information (col. 109, lines 
20-67). 

Regarding claim 60: 
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Ginter further discloses wherein said servers enforce a policy with respect to said protected 
information, and wherein said policy comprises a set of restrictions regarding the usage of said 
protected information (col. 214, lines 15-40). 
Regarding claim 61: 

Ginter further discloses wherein at least two servers are operable to define said policy (col. 
307, lines 25-55). 
Regarding claim 62: 

Ginter further discloses wherein in the event of two or more conflicting policies are found, a 
strictest one of the policies is identified and used (col. 43, line 55 - col. 44, line 15). 
Regarding claim 63: 

Ginter further discloses wherein in the event of two or more conflicting policies are found, a 
union of the policies is identified and used (Ibid). 
Regarding claim 64: 

Ginter further discloses wherein connection to at least two servers are required in order to 
determine policy (col. 307, lines 25-55). 
Regarding claim 65: 

Ginter further discloses wherein said server authenticates the integrity of said client by 
requiring a cryptographic hash of at least part of said client's software (col. 223, lines 45-67). 
Regarding claim 66: 

Ginter further discloses wherein said cryptographic hash is with respect to a random address 
in said client's software (col. 131, line 27 -col. 132, line 13). 
Regarding claim 67: 
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Ginter further discloses wherein said client is entangled with said server's software, such that a 
functioning stand-alone copy of said client's software does not exist (col. 103, lines 45-67). 
Regarding claim 68: 

Ginter further discloses wherein said method comprises at least two levels of protection, and 
wherein said levels of protection are operable to be configured as a function of the secrecy of said 
protected information (col. 302, lines 50-55). 
Regarding claim 69: 

Ginter further discloses wherein in the most secure of said levels of protection, said protected 
information can only be accessed while connected to said server (col. 103, lines 45-67). 
Regarding claim 70: 

Ginter further discloses wherein in at least one of said levels of protection, said information can 
be accessed for a limited time after the connection with said server was terminated (col. 32, lines 50- 
60). 

Regarding claim 71: 

Ginter further discloses wherein at least one of said levels of protection, said information can 
be accessed until the end of a current login session (col. 103, 45-67). 
Regarding claim 72: 

Ginter further discloses wherein in at least one of said levels of protection, said information can 
be unlimitedly accessed after the server approves the information (col. 198, lines 50-60). 
Regarding claim 123: 
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Ginter further discloses wherein said client software is operable to check that it is connected to 
a predetermined server before decrypting a file that comprise said protected information only while 
connected to at least one server (col. 305, lines 15-25). 
Regarding claim 124: 

Ginter further discloses wherein said servers enforce a policy with respect to said protected 
information, and wherein said policy comprises a set of restrictions regarding the usage of the said 
protected information (col. 341, lines 1-25). 
Regarding claim 129: 

Ginter further discloses wherein said software is operable to automatically add information to 
said protected information in accordance with said policy (col. 32, 25-35). 
Regarding claims 147 and 148: 

Ginter further discloses wherein controlling a user's action comprises at least one of preventing 
said action, monitoring said action, or logging said action (col. 303, lines 3-20). 
7. Claims 73-75 and 78-80are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Ronning in view of Lacan. 
Regarding claims 73 and 130: 

Ronning discloses a method and system for information protection, comprising: defining an 
information protection policy with respect to certain information item (col. 5, lines 25-40); determining 
the measures required to protect said information according to said policy (Ibid, and col. 4, lines 17- 
23); and allowing said usage on a computer workstation of information comprising said items for 
which an information protection policy is defined only while said required measures are being applied 
(Ibid). 
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Although Ronning discloses using statistics and statistical analysis in the disclosed system 
(col. 13, line 35 - col. 14, line 45), it appears to be silent regarding using the statistical analysis to 
identify confidential information. However, Lacan discloses a general technique for data 
management using statistical analysis to identify confidential information in one's data (col. 6, lines 5- 
20; col. 6, line 50 - col. 7, line 20; col. 8, lines 5-15). The claims are thus obvious because the ability 
to use statistical analysis to identify confidential data was a technique that was within the capabilities 
of one of ordinary skill in the art, in view of its teaching for improvement in similar situations. 
Regarding claim 74: 

Ronning further discloses protecting information with a client software application (elements 
68-74 of Figure 4A). 
Regarding claim 75: 

Ronning further discloses disabling at least one of the controls of said application (col. 6, lines 
25-40). 

Regarding claim 78: 

Ronning further scanning at least one storage device and identifying the existence of pre- 
defined information objects (col. 6, lines 40-60). 
Regarding claim 79: 

Ronning further discloses wherein said pre-defined objects comprise confidential information 
objects (Ibid, and Figures 4C & 6). 
Regarding claim 80: 



Application/Control Number: 10/748,178 Page 17 

Art Unit: 2135 

Ronning further discloses at least one rule regarding at least one event of at least one software 
application operable to handle said information (the rule being whether the content has been 
purchased: col. 3, lines 44-47). 

8. Claims 76 and 77 are rejected under 35 U.S.C. 103(a) as being unpatentable over Ronning in 
view of Lacan as applied to claim 73 above, and further in view of England et al. (U.S. Patent 
Application Publication 2003/0200435). 
Regarding claim 76: 

Neither Ronning nor Lacan explicitly disclose encryption of the memory of a graphic card or 
video card. However, England discloses this limitation (paragraph 0025). It would have been 
obvious to one of ordinary skill in the art at the time the invention was made to encrypt the contents of 
a graphics card for protecting information found in the Ronning disclosure. The motivation for doing 
so would be to untrusted third parties from intercepting protected information (paragraphs 0004- 
0005). 

Regarding claim 77: 

Neither Ronning nor Lacan explicitly disclose forcing a video card or graphic card to a mode 
that causes no meaningful information to be stored in said video card's memory. However, England 
discloses this limitation (paragraph 0025). It would have been obvious to one of ordinary skill in the 
art at the time the invention was made to ensure that no meaningful (i.e. decrypted and accessible) 
information is stored in the memory of the graphics card in the Ronning invention. The motivation for 
doing so would be to untrusted third parties from intercepting protected information (paragraphs 
0004-0005). 
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9. Claims 107-109 are rejected under 35 U.S.C. 103(a) as being unpatentable over "Java 
Security: How to Install the Security Manager and Customize Your Security Policy" (hereinafter, 
"Venners") in view of Lacan. 
Regarding claim 107: 

Venners discloses a method for computer workstation based information protection 
comprising: detecting an event at said workstation (pages 1-2, "The Security Manager and the Java 
API"); directing handling of said event (Ibid); and employing information protection based on an 
assessment of an importance of said event to protection of information indicated as requiring 
protection technique (Ibid; cf. page 3, "Security beyond the architecture"). 

Although Venners discloses managing file access (page 2, last two bullet points on the first list 
therein), it appears to be silent regarding managing file access on the basis of using statistical 
analysis to identify confidential information. However, Lacan discloses a general technique for data 
management using statistical analysis to identify confidential information in one's data, in order to 
permit access to only those who are authorized to access it (col. 6, lines 5-20; col. 6, line 50 - col. 7, 
line 20; col. 8, lines 5-15). The claims are thus obvious because the ability to use statistical analysis 
to identify confidential data was a technique that was within the capabilities of one of ordinary skill in 
the art, in view of its teaching for improvement in similar situations. 
Regarding claim 108: 

Venners further discloses handling an event, said event being designated as directing 
information protection (pages 1-2, "The Security Manager and the Java API"); and employing a said 
information protection technique in reaction to said event (Ibid). 
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Regarding claim 109: 

Venners discloses wherein said event comprise any of: loading a local operating system, 
loading an application, user action, presenting a specific information into the system, an event 
generated by another system, suspicious activity, operating system time event, and a network time 
event (bulleted list on page 2). 

Conclusion 

1 0. Applicant's amendment necessitated the new ground(s) of rejection presented in this Office 
action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded 
of the extension of time policy as set forth in 37 CFR 1 .1 36(a). 

A shortened statutory period for reply to this final action is set to expire THREE MONTHS from 
the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing 
date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH 
shortened statutory period, then the shortened statutory period will expire on the date the advisory 
action is mailed, and any extension fee pursuant to 37 CFR 1 .136(a) will be calculated from the 
mailing date of the advisory action. In no event, however, will the statutory period for reply expire 
later than SIX MONTHS from the date of this final action. 

Any inquiry concerning this communication or earlier communications from the examiner 
should be directed to Thomas Gyorfi whose telephone number is (571)272-3849. The examiner can 
normally be reached on 8:30am - 5:00pm Monday - Friday. 
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If attempts to reach the examiner by telephone are unsuccessful, the examiner's supervisor, 
Kim Vu can be reached on (571 ) 272-3859. The fax phone number for the organization where this 
application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the Patent Application 
Information Retrieval (PAIR) system. Status information for published applications may be obtained 
from either Private PAIR or Public PAIR. Status information for unpublished applications is available 
through Private PAIR only. For more information about the PAIR system, see http://pair- 
direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the 
Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information system, call 800- 
786-9199 (IN USA OR CANADA) or 571-272-1000. 

TAG 
5/23/08 
/KIMYEN VU/ 

Supervisory Patent Examiner, Art Unit 2135 



